feishu-cli-msg

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly includes commands that fetch and display user-generated Feishu message content and attachments (e.g., "批量获取消息" / "feishu-cli msg mget", "msg get"/"thread-messages", and "msg resource-download" in the SKILL.md), so the agent will ingest untrusted, user-originated content which could influence subsequent actions like replies/forwards—allowing indirect prompt injection.